Bloomberg News
Rep. Dutch Ruppersberger (above right) who, along with Rep. Mike Rogers, sponsored CISPA, tweeted after the bill's passage that it was "a good day for Americans."

House Passes Controversial Cybersecurity Bill


As expected, the U.S. House of Representatives on Thursday passed a controversial bill that aims to bolster the nation's defenses against cyber threats.

The measure, the Cyber Intelligence Sharing and Protection Act, or CISPA, would authorize the National Security Agency and other intelligence agencies to share information about digital threats with owners of financial networks, energy grids and other critical infrastructure.

The legislation, which cleared the House by a vote of 288 to 127, also would immunize companies that exchange information with the government and one another from legal liability that many firms say currently deters such sharing.

Ninety-two Democrats voted with Republicans in favor of CISPA, which garnered more Democratic support than a similar measure that passed the House last year with the backing of 42 Democrats.

The push for cybersecurity legislation now moves to the Senate, where efforts to advance a bill to address digital threats failed twice last year. However, the current push comes amid a wave of cyberattacks on the nation's biggest banks and a report in February that hackers tied to China's military have stolen business secrets from U.S. companies for years.

"This is a good day for Americans," Rep. Dutch Ruppersberger, D-Md., the top Democrat on the House Intelligence Committee who joined with the panel's chairman, Rep. Mike Rogers, R-Mich., to sponsor CISPA, tweeted after the House vote.

The American Bankers Association and other business groups back CISPA, which supporters say would allow private-sector firms to swap information about digital threats with the government and one another in real time.

Critics charge that CISPA lacks safeguards that would require companies to strip people's personal data from information before sharing it with spy agencies. "This bill undermines the privacy of millions of Internet users," Rainey Reitman, activism director at the Electronic Frontier Foundation, a civil liberties group, said in a statement posted on the group's website after Thursday's vote.

Prospects for the legislation in its current form remain uncertain.

The White House has threatened to veto the measure because of privacy concerns, but said it stands ready to work with Congress to strengthen the nation's cyber defenses.

In January, Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va., introduced a bill that calls for information sharing about cyber threats between the government and private-sector firms but stops short of specifying a mechanism for achieving the goal. Rockefeller, who is joined in the effort by Intelligence Committee Chairman Dianne Feinstein, D-Calif., and Homeland Security Committee Chairman Tom Carper, D-Del., has called advancing the legislation a priority.

During debate on the measure Thursday, CISPA's backers took steps they hoped would win over legislators who shared concerns about the bill's effect on privacy.

The House adopted an amendment by Homeland Security Committee Chairman Michael McCaul, R-Tex., that would have run information about cyber threats through the Department of Homeland Security, a civilian agency, before the information went to the intelligence services.

Though the amendment passed overwhelmingly, it proved to be insufficient to win over many legislators. "Our response to cyber threats must balance our security with our liberty," Nancy Pelosi, D-Calif., the Democratic minority leader, tweeted on Thursday afternoon. "I cannot support #CISPA in its current form."




Nine Best Defenses Against Cyberhacktivist Attacks
The recent round of massive distributed denial of service attacks that has hit Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bancorp, Capital One, SunTrust, Regions Financial and, more recently, HSBC and Ally Financial is unusually hard, but not impossible, to thwart.

One challenge is that the attacks are not coming from known malicious sources. Therefore the traditional line of defense — keeping a blacklist of cybercriminals, chains and groups that can be prevented from accessing a web server — doesn't work.

Attackers can also spoof IP addresses, so the identity of the incoming user is easily muddled. "These reports are coming out of Iran, but there are plenty of countries, people and competitors that want to diminish the effectiveness of websites for banks and companies everywhere," says Marty Meyer, CEO of Corero Network Security in Hudson, Mass. "To me, this is a cyberwar and people have to be prepared to protect themselves against it."

In a distributed denial of service attack, a web server is flooded with so many requests from multiple sources that it struggles to keep up and therefore its performance is slowed and sometimes stopped altogether. This does not necessarily lead to theft or even access to any sensitive information, but it is extremely inconvenient for banks and their online banking customers. "All the banks now are scrambling to figure out what to do," observes Meyer. "I think these hacktivists want to create some sort of doubt in the American consumer in the financial institutions, and create instability that way."

But this is a cyber war that can be won, he and others say. "It requires a layered approach, but it's totally preventable," Meyer says. "A lot of the articles out there have people throwing up their hands saying 'What can we do?' which is really scary if you're a consumer and your money's in the bank. There are really good technologies out there." Here are some examples of solutions to help banks before, during and after a DDOS attack.
